Privacy policy

The protection of your data is important to us. As a result of this and in order to comply with all legal information and clarification obligations incumbent upon us, we will inform you below how we, EPRD Deutsche Endoprothesenregister gGmbH, process your data and which rights you have with regard to data processing.

Data controller

Data controller:
EPRD Deutsche Endoprothesenregister gGmbH (German Arthroplasty Rrgistry)
Straße des 17. Juni 106-108
10623 Berlin
Phone: (030) 340 60 36 40
Fax: (030) 340 60 36 41

You can reach our data protection officer at:
EPRD Deutsche Endoprothesenregister gGmbH
Mr. Roman Maczkowsky (Data Protection Officer)
Straße des 17. Juni 106-108
10623 Berlin

All contact data, including that of our data protection officer and for PGP/GPG-encrypted email communication, can be found in the imprint of our website.

Subject of data protection

The subject of data protection is personal data. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), this is all information relating to an identified or identifiable person. This includes, for example, information such as names, postal addresses, email addresses, telephone numbers, but also content data such as the messages you may send us via the contact form.

Scope and purposes of data collection, processing and storage

In the following, we will inform you about the scope of data collection, processing and storage as well as its use and about the purpose of the respective data collection in the context of the use of this website (hereinafter "data processing", used in the sense of Art. 4 (2) GDPR).

Collection of access data and server log files
On the basis of our legitimate interests within the meaning of Art. 6 (1) (f.) GDPR, we and/or our hosting provider collect data about each access to the server on which this service is located.

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a server log file. When you use our website, we collect the following information that is technically necessary for us to display our website to you and to ensure stability and security: IP address of the requesting computer; date and time of the access; name and URL of the retrieved file; website from which the access is made (referrer URL); browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The data mentioned for the display of the website is deleted after three days. The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on your part. Further storage can take place in individual cases, if this is required by law.

Use of the contact form, enquiry by email or telephone
If you contact us via the contact form, you must at least leave the following personal data or transmit it to us:

• name and surname,
• a telephone number and/or email address
• your request (e.g.: feedback)

By sending us the contact form and the personal data it contains, you consent to your data being collected, processed and stored in accordance with this privacy policy. The same applies if you send us a request by email or telephone. These data are processed and used exclusively for the treatment of your request. The data will not be passed on to third parties without your consent.

The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

The data entered in the contact form will be sent directly to us by email. Further storage of personal data on the server does not take place.

When contacting us (e.g. via contact form, email, telephone), the details of the person initiating contact will be processed in order to handle the enquiry and settle it in accordance with Art. 6 (1) (b) GDPR. The data can be stored in a customer relationship management system ("CRM system").

An important note on data security: The transmission of your request via the contact form via email to us is unencrypted. If you would like to send us sensitive information, please use the possibilities of email encryption via PGP/GPG. In our imprint, you will find the email address and the corresponding public GnuPG key for PGP/GPG encrypted email transmission.

Use of data for specific purposes, recipients of data, forwarding of data, duration of data storage
Recipients of personal data (via contact form, email or telephone) are employees of EPRD Deutsche Endoprothesenregister gGmbH and, if applicable, technical service providers within the scope of order processing.

If we disclose data to other persons and companies (contract processors or third parties) in the context of our processing, transfer the data to them or otherwise grant them access to the data, this is only done on the basis of legal permission, or if you have consented, or a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, hosting providers etc.).

The service providers include Domainfactory GmbH (, which hosts our website in Germany, and the agency 3pc GmbH New Communication (, which supports us in website maintenance and development. We have concluded an order processing contract in accordance with Art. 28 GDPR with both companies.

The data will not be passed on in any other way except in the case of prior consent or on a legal basis (e.g. request for surrender by authorities or on the basis of court rulings).

In the case of enquiries via the contact form, by email or by telephone, we delete the personal data in the period between three and six months after the last interaction, provided that there is no business relationship and no conclusion of contract can be assumed. Deletion will not take place, or will only take place later, if statutory archiving obligations prevent deletion.

Rights of data subjects (e.g. rights of information, objection, revocation and deletion)

Right of objection / revocation: Irrespective of the above, you have the right at any time to object to the use of your data in accordance with Art. 21 GDPR and to revoke any consent you may have given to the use of your data at any time.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If you revoke your consent to data processing or object to the use of the data, this will not affect the legality of the data processing until the time of revocation.

Rights to correction, deletion and restriction of processing
You also have a right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) under the statutory conditions.

You can change or revoke your consent by notifying us accordingly with effect for the future.

Rights to data transferability and complaints
In addition, you also have the right to data transferability in accordance with Art. 20 GDPR and the right to lodge a complaint with a data protection supervisory authority within the meaning of Art. 77 GDPR. The latter may be requested, for example, from the Berlin representative responsible for data protection and freedom of information, Friedrichstr. 219, 10969 Berlin, Phone: +49 30 13889-0, Fax: +49 30 2155050, Email: (see also

To exercise the aforementioned rights, please send an email to info(at) or use the other contact options mentioned in the imprint of our website.
Please note that this data protection declaration only applies to the website of EPRD gGmbH. Other data protection and data security regulations may apply to the linked external content. You can find out who is responsible for the respective offer in the imprint.